Litecoin Network Hit by Denial-of-Service Attack, Successfully Reverses 13 Blocks

On Friday and Saturday, a series of events unfolded as a 13-block chain reorganization occurred on the Litecoin network, effectively rewinding 32 minutes of network activity. This reorganization was a response to a denial-of-service attack that exploited a vulnerability in the Mimblewimble Extension Block (MWEB) protocol, allowing invalid transactions to bypass nodes that had not been updated. The Litecoin Core v0.21.5.4 release has since been made available, advising all users to upgrade due to important security updates. According to the Litecoin Foundation, the bug has been fully patched and the network is now operating normally. However, security researchers have pointed out discrepancies in the timeline of events, suggesting that the vulnerability was known and patched privately a month before the attack, but the fix had not been publicly disclosed or mandated for all mining pools. This created a window of opportunity for attackers, who appeared to be aware of which miners were running the patched code and which were still vulnerable. The attack involved a combination of a denial-of-service attack and an exploit of the MWEB bug, with the attackers pre-funding a wallet 38 hours before the exploit and configuring it to swap LTC for ETH on a decentralized exchange. The fact that the network was able to automatically handle the 13-block reorganization once the denial-of-service attack stopped suggests that enough hashrate was running updated code to overpower the attack. This incident highlights the differences in how various networks respond to exploits, with newer chains often being able to coordinate upgrades quickly, while older proof-of-work networks like Litecoin and Bitcoin rely on independent mining pools to upgrade, creating a potential window of vulnerability.